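# Reference existing IAM role (execution role assumed by the Lambda function)
data "aws_iam_role" "lambda_exec_role" {
  name = "lambda-exec-role"
}

# Reference existing ECR repository (source of the container image below)
data "aws_ecr_repository" "lambda_example" {
  name = "lambda_example"
}

# SQS queue for lambda_example; consumed by the event source mapping at the
# bottom of this file.
resource "aws_sqs_queue" "lambda_example_queue" {
  name = "lambda-example-queue"
}

# # Custom IAM policy specific to lambda_example
# resource "aws_iam_policy" "lambda_example_policy" {
#   name   = "lambda-example-policy"
#   policy = jsonencode({
#     Version = "2012-10-17",
#     Statement = [
#       {
#         Effect = "Allow",
#         Action = [
#           "sqs:ReceiveMessage",
#           "sqs:DeleteMessage",
#           "sqs:GetQueueAttributes",
#           "sqs:GetQueueUrl",
#           "sqs:ChangeMessageVisibility"
#         ],
#         Resource = aws_sqs_queue.lambda_example_queue.arn
#       },
#       {
#         Effect = "Allow",
#         Action = [
#           "ecr:GetDownloadUrlForLayer",
#           "ecr:BatchGetImage",
#           "ecr:BatchCheckLayerAvailability"
#         ],
#         Resource = data.aws_ecr_repository.lambda_example.arn
#       },
#       {
#         Effect = "Allow",
#         Action = ["ecr:GetAuthorizationToken"],
#         Resource = "*"
#       }
#     ]
#   })
# }

# Look up the existing customer-managed policy instead of creating it here.
# The commented-out resource above documents the permissions that policy is
# expected to contain (queue-scoped SQS actions, repository-scoped ECR pulls).
# NOTE(review): the commented-out resource names the policy
# "lambda-example-policy" (hyphens) while this lookup uses
# "lambda_example_policy" (underscores) — confirm which name exists in the
# account before relying on this lookup.
# NOTE(review): data.aws_caller_identity.current is not declared in this
# file; it must be defined elsewhere in the module for the ARN to resolve.
data "aws_iam_policy" "lambda_example_policy" {
  # Existing customer-managed policy ARN:
  arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/lambda_example_policy"
}

# Attach the looked-up policy to the execution role.
# The policy is a data source (the managed aws_iam_policy resource above is
# commented out), so its ARN must be read from data.aws_iam_policy.*;
# referencing aws_iam_policy.lambda_example_policy would fail validation as
# an undeclared resource.
resource "aws_iam_role_policy_attachment" "lambda_example_policy_attach" {
  role       = data.aws_iam_role.lambda_exec_role.name
  policy_arn = data.aws_iam_policy.lambda_example_policy.arn
}

# Lambda function, deployed as a container image from the ECR repository
# above at the tag given by var.lambda_image_tag.
resource "aws_lambda_function" "lambda_example" {
  function_name = "lambda-example"
  role          = data.aws_iam_role.lambda_exec_role.arn
  package_type  = "Image"
  image_uri     = "${data.aws_ecr_repository.lambda_example.repository_url}:${var.lambda_image_tag}"
  # Seconds. NOTE(review): the queue above sets no visibility_timeout_seconds;
  # keep the queue's visibility timeout comfortably above this value so a
  # message is not redelivered while an invocation is still running.
  timeout = 10
}

# SQS trigger: Lambda polls the queue and invokes the function per batch.
resource "aws_lambda_event_source_mapping" "lambda_example_trigger" {
  event_source_arn = aws_sqs_queue.lambda_example_queue.arn
  function_name    = aws_lambda_function.lambda_example.arn
  batch_size       = 1 # one message per invocation

  # Creating the mapping requires the execution role to already hold the
  # SQS permissions; Terraform sees no implicit edge to the policy
  # attachment, so make the ordering explicit to avoid a first-apply failure.
  depends_on = [aws_iam_role_policy_attachment.lambda_example_policy_attach]
}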